Disable all expired AD accounts and move them to the Disabled Users OU

Recently I have been taking a look at revamping the leavers process. This code is a stopgap for expired accounts to be disabled and moved into the disabled OU. An email can then be sent to the Service Desk team to notify them of the accounts that have been moved.

$Account = Search-ADAccount -AccountExpired | Select-Object Name, SamAccountName, AccountExpirationDate, LastLogonDate

foreach ($line in $Account) {
    # -WhatIf only previews each change; remove it once the preview output looks right
    Get-ADUser -Identity $line.SamAccountName | Disable-ADAccount -WhatIf
    Get-ADUser -Identity $line.SamAccountName | Move-ADObject -TargetPath "OU=Disabled Accounts,OU=domain,DC=domain,DC=domain" -WhatIf
}

# Build the notification body from the names of the expired accounts
$Name = $Account.Name
$Body = @()
$Body += "Names of Disabled Users:" + "`n"
$Body += $Name
$Body = $Body | Out-String

$date = Get-Date -Format g
$Subject = "Disabled Users for" + " " + $date

# The placeholders are quoted so that PowerShell does not parse < and > as operators
Send-MailMessage -From "<ADExpiry>@domain.net" -To "<Recipient>@domain.co.uk" -SmtpServer "<IP>" -Subject $Subject -Body $Body

Add a NIC to an Azure IaaS VM

At the moment if you want to add a new NIC to a VM, you will need to complete the attachment via PowerShell. You should be aware that a VM may need to be offline before you add the NIC to it. You can follow the steps below to add multiple NICs to your Azure VMs.

N.B. Not all virtual machine sizes support multiple NICs. Check if your VM size is supported (https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-size-specs/)


#Get the VNET to which to connect the NIC
$VNET = Get-AzureRmVirtualNetwork -Name '<vNet>' -ResourceGroupName '<ResourceGroup>'

#Get the Subnet ID to which to connect the NIC
$SubnetID = (Get-AzureRmVirtualNetworkSubnetConfig -Name 'Subnet' -VirtualNetwork $VNET).Id

#NIC Name
$NICName = '<vmname-ethvalue>'

#NIC Resource Group
$NICResourceGroup = '<ResourceGroup>'

#NIC creation location
$Location = '<Region>'

#Enter the IP address
$IPAddress = '<IP>'

#Create now the NIC Interface
New-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $NICResourceGroup -Location $Location -SubnetId $SubnetID -PrivateIpAddress $IPAddress

$VMname = '<Name>'
$VMRG = '<ResourceGroup>'

#Get the VM
$VM = Get-AzureRmVM -Name $VMname -ResourceGroupName $VMRG

#Add the second NIC
$NewNIC = Get-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $NICResourceGroup
$VM = Add-AzureRmVMNetworkInterface -VM $VM -Id $NewNIC.Id

#Show the Network interfaces
$VM.NetworkProfile.NetworkInterfaces

#We have to set one of the NICs to Primary, I will set the first NIC in this example (index 0 is the first NIC)
$VM.NetworkProfile.NetworkInterfaces.Item(0).Primary = $true

#Apply the updated network profile to the VM; nothing changes in Azure until this runs
Update-AzureRmVM -VM $VM -ResourceGroupName $VMRG

Convert VMs to use Azure Hybrid Benefit for Windows Server with Azure PowerShell

Like most people, we always want to cut costs in our IT infrastructure, and the new Azure Hybrid Benefit for Windows Server is another way to save money.

Azure Hybrid Benefit for Windows Server allows you to use your on-premises Windows Server licenses and run Windows virtual machines on Azure at a reduced cost. This has been added to the Azure Resource Manager VM deployment process. You can also go back through your existing VMs and apply these savings if you are eligible.

Be aware that some VM sizes are not supported, so you may run into this issue.

# To login to Azure Resource Manager
Login-AzureRmAccount

# To select a default subscription for your current session
Set-AzureRmContext -SubscriptionId "<Subscription-ID>"

# Windows VMs that have no license type set (LicenseType is null or empty)
$VMs = Get-AzureRmVM | Where-Object { -not $_.LicenseType -and $_.StorageProfile.OsDisk.OsType -eq "Windows" }

foreach ($VM in $VMs) {
    $VM.LicenseType = "Windows_Server"
    Update-AzureRmVM -VM $VM -ResourceGroupName $VM.ResourceGroupName
}


Generate a complex password with PowerShell

This code was created to allow a user to generate a complex password, with either 15 characters for administrative users or a 10 character password for a regular user.


Password Creation script.


function Generate-Password {
    param(
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
        #Mandatory specifies whether a value needs to be specified.
        #Position means position in function, for instance Position = 0 is like Identity in Get-Mailbox, no need to specify the param name for position 0.
        #The original parameter declaration (and the default value it set) is missing from this page; $Type is a stand-in name.
        [string]$Type
    )#End of parameter.

    [char[]] $Upper = @(65..90)
    [char[]] $Lower = @(97..122)
    #Note: the values 10 to 19 contribute two characters each when joined
    $Number = @(1..19)

    switch ($Type) {
        Admin {-join($Upper + $Lower + $Number | Get-Random -Count 15)}
        Normal {-join($Upper + $Lower + $Number | Get-Random -Count 10)}
        Default {"Please choose either Admin or normal."}
    }
}
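A variant of the generator above that draws its characters from the .NET cryptographic random number generator, lets characters repeat (`Get-Random -Count` never picks the same input element twice) and guarantees at least one character from each class. This is an added example, not the original script; the names New-RandomPassword and Get-SecureIndex and the digit set 0-9 are assumptions.

```powershell
# Added example. Function names are hypothetical; lengths (15/10) follow the post.
function Get-SecureIndex {
    param([System.Security.Cryptography.RandomNumberGenerator]$Rng, [int]$Max)
    # Rejection sampling: discard bytes that would bias the modulo result.
    # Assumes 1 <= $Max <= 256, which holds for the character sets used here.
    $limit = 256 - (256 % $Max)
    $b = New-Object byte[] 1
    do { $Rng.GetBytes($b) } while ($b[0] -ge $limit)
    return $b[0] % $Max
}

function New-RandomPassword {
    param(
        [Parameter(Mandatory = $true, Position = 0)]
        [ValidateSet('Admin', 'Normal')]
        [string]$Type
    )
    $length = if ($Type -eq 'Admin') { 15 } else { 10 }

    # Character classes: upper case, lower case, digits 0-9
    $upper  = [char[]](65..90)
    $lower  = [char[]](97..122)
    $digits = [char[]](48..57)
    $classes = @($upper, $lower, $digits)
    $all = [char[]]($upper + $lower + $digits)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $chars = New-Object System.Collections.Generic.List[char]
        # One character from each class so that every class is present.
        foreach ($set in $classes) { $chars.Add($set[(Get-SecureIndex $rng $set.Length)]) }
        # Fill the rest from the full set; repeats are allowed.
        while ($chars.Count -lt $length) { $chars.Add($all[(Get-SecureIndex $rng $all.Length)]) }
        # Fisher-Yates shuffle so the guaranteed characters are not always first.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-SecureIndex $rng ($i + 1)
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        return -join ($chars.ToArray())
    }
    finally { $rng.Dispose() }
}

New-RandomPassword Admin    # 15 characters
New-RandomPassword Normal   # 10 characters
```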




Export Azure Resource Manager NSG Configurations

The following code will output your NSG configuration to a .txt file for review/backup.

function Get-AzureNSGConfiguration {

    # The property name has varied between AzureRM releases; use .Id if yours exposes that instead
    $subscriptionId = (Get-AzureRmSubscription |
        Out-GridView -Title "Select an Azure Subscription" -OutputMode Single).SubscriptionId
    Select-AzureRmSubscription -SubscriptionId $subscriptionId

    $outputArray = @()

    foreach ($AzureRmNetworkSecurityGroup in (Get-AzureRmNetworkSecurityGroup)) {

        foreach ($SecurityRule in $AzureRmNetworkSecurityGroup.SecurityRules) {

            # One row per rule, tagged with the NSG it belongs to
            $NSG = New-Object -TypeName PSObject
            $NSG | Add-Member -MemberType NoteProperty -Name Name -Value $SecurityRule.Name
            $NSG | Add-Member -MemberType NoteProperty -Name Protocol -Value $SecurityRule.Protocol
            $NSG | Add-Member -MemberType NoteProperty -Name SourcePortRange -Value $SecurityRule.SourcePortRange
            $NSG | Add-Member -MemberType NoteProperty -Name DestinationPortRange -Value $SecurityRule.DestinationPortRange
            $NSG | Add-Member -MemberType NoteProperty -Name SourceAddressPrefix -Value $SecurityRule.SourceAddressPrefix
            $NSG | Add-Member -MemberType NoteProperty -Name DestinationAddressPrefix -Value $SecurityRule.DestinationAddressPrefix
            $NSG | Add-Member -MemberType NoteProperty -Name Access -Value $SecurityRule.Access
            $NSG | Add-Member -MemberType NoteProperty -Name Direction -Value $SecurityRule.Direction
            $NSG | Add-Member -MemberType NoteProperty -Name SecurityGroup -Value $AzureRmNetworkSecurityGroup.Name
            $outputArray += $NSG
        }
    }

    # The output step is missing from this page; <OutputPath> is a placeholder
    $outputArray | Out-File -FilePath "<OutputPath>.txt"
}
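Once the rules are flattened into rows like those in `$outputArray`, the same rows can be checked for inbound Allow rules that expose management ports to any source. This is an added example, not part of the original script; the function names, the default port list (22 and 3389) and the sample rows are assumptions, and it expects DestinationPortRange as a single string such as `3389`, `1-4000` or `*`.

```powershell
# Added example. Function names are hypothetical; sample rows are constructed.
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    # '3389' yields one part, '1-4000' yields two
    $parts = @($Range -split '-')
    return ($Port -ge [int]$parts[0] -and $Port -le [int]$parts[-1])
}

function Find-OpenManagementRule {
    param(
        [Parameter(Mandatory = $true)][object[]]$Rule,
        [int[]]$Port = @(22, 3389)
    )
    # Source values that mean "anywhere" in an NSG rule
    $anySource = @('*', 'Internet', '0.0.0.0/0')
    foreach ($r in $Rule) {
        if ($r.Direction -ne 'Inbound' -or $r.Access -ne 'Allow') { continue }
        if ($anySource -notcontains $r.SourceAddressPrefix) { continue }
        $hit = $Port | Where-Object { Test-PortInRange $r.DestinationPortRange $_ }
        if ($hit) {
            [pscustomobject]@{
                SecurityGroup = $r.SecurityGroup
                Name          = $r.Name
                Source        = $r.SourceAddressPrefix
                Ports         = $r.DestinationPortRange
                Exposed       = ($hit -join ',')
            }
        }
    }
}

# Constructed sample rows in the shape produced by Get-AzureNSGConfiguration
$sample = @(
    [pscustomobject]@{ SecurityGroup = 'nsg-web'; Name = 'allow-https'; Direction = 'Inbound'; Access = 'Allow'; SourceAddressPrefix = '*'; DestinationPortRange = '443' }
    [pscustomobject]@{ SecurityGroup = 'nsg-web'; Name = 'allow-rdp'; Direction = 'Inbound'; Access = 'Allow'; SourceAddressPrefix = '*'; DestinationPortRange = '3389' }
    [pscustomobject]@{ SecurityGroup = 'nsg-app'; Name = 'allow-ssh-mgmt'; Direction = 'Inbound'; Access = 'Allow'; SourceAddressPrefix = '10.0.0.0/24'; DestinationPortRange = '22' }
    [pscustomobject]@{ SecurityGroup = 'nsg-app'; Name = 'allow-wide'; Direction = 'Inbound'; Access = 'Allow'; SourceAddressPrefix = 'Internet'; DestinationPortRange = '1-4000' }
)

# Flags allow-rdp (3389) and allow-wide (22,3389); the other two rows pass
Find-OpenManagementRule -Rule $sample | Format-Table -AutoSize
```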






Office 365 with Outlook 2010/2016 unable to create signatures

During a recent Office 365 migration, there were users that were simultaneously being migrated from Outlook 2010 to 2016. There were a couple of issues where users came up against an error when trying to create a signature. This turned out to be because the "Signatures" folder was missing in the roaming profile.

To be on the safe side the script ensures that the “Signatures” folder exists on the Appdata copy of the user profile and in the Roaming copy of the profile.

$Names = (Get-ChildItem -Path "\\RootDomainShare\CN\Profiles" | Select-Object Name).Name

foreach ($Name in $Names) {

    if (Test-Path -Path "\\RootDomainShare\CN\Profiles\$Name\Application Data\Microsoft\Signatures" -PathType Container) {

        Write-Output "-Exists: \\RootDomainShare\CN\Profiles\$Name\Application Data\Microsoft\Signatures"
    }
    else {
        # Folder is missing: create it, then report which profile was affected
        New-Item "\\RootDomainShare\CN\Profiles\$Name\Application Data\Microsoft\Signatures" -Type Directory > $null
        Write-Output "$Name doesnt have Signatures dir"
    }
}